How Social Engineering is used by Cybercriminals to Steal Your Info
Cybercriminals are no longer some kid in a basement working on a computer. They are highly educated “professionals” with degrees in not only IT but psychology and other arears of human behavior. They use this knowledge to put together clever social engineering campaigns to trick you into giving them the information they are looking for. Below are some of the methods they use to achieve this end.
Although we are swamped with SPAM on a daily basis and we use SPAM filters and anti-SPAM solutions there is only so much the SPAM systems can do in trying to figure out the real email verses the bad email. The rest is on you. If you are like me you spend a few seconds on a new email to determine if it is something you need to read or delete. These cybercriminals are so good at what they do that they often have their emails chosen to read over the legitimate ones. We all know about the Nigerian prince that needs your help to get his money out the country all he needs is a few thousand deposited in an account to secure the deal. But most of the newer ones will attempt to trick you into believing the email comes from Netflix or your bank or Amazon etc… These are just some of the way’s social engineers’ prey on unsuspecting and trusting people. If sending money or willingly giving up information isn’t involved, then there is usually malware within the email. The links that can be clicked on will deploy malware to infect your computer files and obtain information about you or encrypt all your files and hold them hostage for a ransom. It’s amazing how prevalent these scams are. But if you’re educated on them, you won’t become a victim.
Posing as someone you know.
This can take several different forms, however the most obvious is copycat Facebook profiles. This is another prominent scam that cybercriminals use to trick people into thinking they are receiving a friend request from someone they know. The profile will often contain a few photos from the original person’s profile so it looks a tad more real. As unsuspecting friends add this profile, it begins to look more legitimate because of similar friends and associates. This profile can ask for money or send links containing malware to infect your computer, or even corrupt your Facebook profile gaining access to personal information. Another way cybercriminal can gain access to your information is by posing as someone within your company. They can send an email that looks like it’s from your boss when really its fake. Usually, something about the email address will be a bit off, if you’re paying attention. Letters are swapped around or a .net becomes a .com at the end of the email. As soon as you open it or click on a link, there goes malware infecting your computer. This scam is usually highly effective because it gets sent to everyone in the company, and people often take it as real from the boss.
Target people is through advertisements.
Considering ads are pretty much everywhere online now, creating ransomware ads is incredibly easy and a bit difficult to spot among the hundreds of people see every day. For this type of social engineering, cybercriminals literally deploy ad campaigns showcasing a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of the time these ads are for anti-virus software or a pop-up will come on your computer saying your computer has been infected and to click the link to clean the virus. Tricky, tricky cybercriminals.